Scam Spotter Makes Defense Clear and Simple
https://reportcybercrime.com/scam-spotter-makes-defense-clear-and-simple/
Fri, 05 Jun 2020 13:49:00 +0000

Plus, more news bytes of the week including Sandworm sneak attacks and a SnapTube situation

Last week, Google and the Cybercrime Support Network launched a public service site called Scam Spotter that aims to bring scam awareness and fraud protection to all users, including the least tech-savvy. The site uses an easy-to-read large font and very simple terms to explain scams and describe “three golden rules” every user can follow to protect themselves. The rules guide the user to recognize false urgency, to reach out to the official agency supposedly making the request, and to avoid falling for payment demands. The site also explains the most common ruses found in inboxes today – COVID-19 scams, romance scams, bad news scams, and good news scams.

According to the website, scammers are expected to steal over $2 billion in 2020. Last year, the FTC reported that consumers lost $1.9 billion to scams, which equates to $3,600 every minute of 2019. Scam Spotter urges victims to report their scam experience to the FTC in order to keep public intelligence as updated as possible. “We all have a part to play in the fight against fraud,” the site proclaims, offering plenty of share buttons for its at-a-glance information.

Avast Security Evangelist Luis Corrons applauds the effort, commenting, “Resources such as Scam Spotter are fantastic to help raise awareness. They offer general tips that enable users to identify these attacks, and in the Quiz section, they can test their abilities. In truth, spotting scams is really easy, at least when you’ve seen similar tricks in the past. You do not need to be a hacker, any user can recognize these tactics.”

NSA warns about Russian group exploiting email flaw

The U.S. National Security Agency (NSA) released an advisory about Russian advanced persistent threat (APT) group Sandworm attacking a vulnerability in the Exim Mail Transfer Agent, which comes preinstalled on certain Linux systems. The exploit allows attackers to install programs, modify data, and create new accounts. While a patch for the flaw was issued in June 2019, the NSA says the Sandworm team has been attacking unpatched systems since at least August 2019. Dark Reading noted that the advisory is unusual and possibly indicates a substantial threat is at large, particularly during the U.S. election year.

This week’s quote

“Unless the population is properly educated about this solution and the app is executed properly, the general population may be hesitant to opt in.” – CyberGRX privacy and cybersecurity analyst Caitlin Gruenberg on hesitations around using Apple/Google contact tracing apps.

Malicious SnapTube installed on tens of millions of devices

A Forbes report this week warned that any users who have the malicious app SnapTube on their devices should delete it immediately. The video downloading app has been a known defrauder since October 2019, when security researchers discovered that it conducted devious background activity such as advertising click fraud and signing users up for premium subscriptions. Chinese parent company Mobiuspace responded to the researchers’ data by blaming a third party called Mango SDK, which they promised would be removed from the next update. However, between January and May this year, researchers have observed over 32 million more malicious SnapTube transactions.

This week’s stat

$1.2 trillion

That’s how much U.S. organizations lost due to data breaches in 2019, according to a new report.

Most users do not change their passwords after a data breach

Carnegie Mellon CyLab presented a study at IEEE 2020 that used web browser traffic to trace the natural habits of 249 users and observe how they dealt with data breaches. Of the 249, only 63 had their accounts involved in a data breach during the study. Researchers saw that of those 63, only 15 visited the breached site to change their passwords within 3 months of the announcement of the breach. Another 6 visited the breached site to change their passwords after 3 months had passed. Of the full 21 users who changed their passwords, only a third changed them to something more complex. The rest changed their passwords with replacements of equal or lower security.

Attackers add auctioning to their ransomware campaigns

Mere months after ransomware attackers began posting stolen data publicly to pressure victims into paying the ransom, they have added a new tactic to increase pressure – the threat of auctioning off the information. Ars Technica reported that two such auctions are currently being advertised on the dark web, one for more than 10,000 files from a food distributor and one for more than 22,000 files from a Canadian agriculture company. Ars Technica suggests that while ransomware remains a popular attack method, the new high-pressure tactics may indicate that attackers are having problems getting victims to pay.

This week’s ‘must-read’ on The Avast Blog

Looking for tips on how to clean up your digital life before summer rolls around? We’ve got 5 great ones for you.


Pardon the Intrusion #19: Paying for Privacy
https://reportcybercrime.com/pardon-the-intrusion-19-paying-for-privacy/
Fri, 05 Jun 2020 04:11:00 +0000

Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.

COVID-19 accelerated the use of Zoom for video calling. But so did the security problems and revelations that it didn’t actually support end-to-end encryption (E2EE), misleading users about the security of the platform.

In the aftermath, it promised to invest in E2EE on its platform, and acquired encrypted chat service Keybase in an attempt to secure its communications. All seemed well until yesterday: Zoom confirmed that it plans to offer stronger encryption features only for its paying users. It won’t be extended to the free tier.

“Free users, for sure, we don’t want to give that [end-to-end encryption] because we also want to work it together with FBI and local law enforcement, in case some people use Zoom for bad purpose [sic],” Zoom CEO Eric Yuan said in an earnings call this week.

The idea that encryption could hamper law enforcement’s ability to fight criminal acts — widely known as the “Going Dark” problem — is not new.

Last year, Facebook ran into troubled waters after governments in the US, UK, and Australia called on the company to delay its plans to implement E2EE across its messaging apps until “there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.”

But by putting a premium on privacy, Zoom seems to be aiming for a tricky balancing act that improves security but also minimizes the risk of abuse. The move also puts it at odds with wider attempts to embrace encryption on the web.

Alex Stamos, Facebook’s former chief security officer, who is now working as an outside consultant on Zoom’s security strategy, elaborated on this further in a Twitter thread:

Zoom is dealing with some serious safety issues. When people disrupt meetings (sometimes with hate speech, CSAM, exposure to children and other illegal behaviors) that can be reported by the host. Zoom is working with law enforcement on the worst repeat offenders.

In a climate where there’s no alternative that offers E2EE group calls (Signal’s and Jitsi’s are limited to one-on-one), Zoom’s proposed encryption model is in the right direction.

But by choosing to turn a basic security feature into a premium paid offering, Zoom is setting a wrong precedent wherein privacy is limited to those who can afford to pay for it.

What’s trending in security?

Apple fixed a critical security flaw in its “Sign In With Apple” feature, Google found more evidence of credential-stealing attacks exploiting COVID-19, and new details emerged about an iPhone spyware app, called Hide UI, used by law enforcement to unlock devices when it doesn’t have the user’s passcode.

Hacktivist group Anonymous has returned from the shadows, and has promised retribution against the Minneapolis Police Department (MPD) over the death of George Floyd. The MPD’s website was then temporarily taken offline in a suspected Distributed Denial of Service (DDoS) attack, but researcher Troy Hunt said the leaked data “has almost certainly been pulled out of existing data breaches in an attempt to falsely fabricate a new one.” [Troy Hunt]

For everyone who is protesting in support of Black Lives Matter and against George Floyd’s death at the hands of the Minneapolis Police Department — and those who are planning to attend one — here are some handy precautions to take before you go. Also make sure you turn off biometrics on your phone. [TNW]

The baddies behind REvil (Sodinokibi) ransomware launched an eBay-like auction site to sell data stolen from the companies they hack. [ZDNet]

Apple fixed a flaw in “Sign In With Apple” that could have allowed attackers to hijack any user’s accounts on third-party apps that offer the login option. [The Hacker News]

A hacking group that calls itself ShinyHunters has been selling 200 million stolen records on the dark web from over a dozen companies. [WIRED]

COVID-19 themed malware attacks are still on the rise. Google said it found new activity from Indian “hack-for-hire” firms that have been impersonating the WHO in credential-stealing email campaigns to target business leaders in financial services, consulting, and healthcare corporations across the US, Slovenia, Canada, India, Bahrain, Cyprus, and the UK. [Google]

A vigilante hacker group called “CyberWare” has been targeting “scam” companies with ransomware and denial of service attacks. [Bleeping Computer]

New “Octopus Scanner” malware was found compromising open-source GitHub projects to spread to Windows, Linux, and macOS systems, and deploying a malicious backdoor. [GitHub]

A new study — (How) Do People Change Their Passwords After a Breach? — found that only around a third of users usually change their passwords following a data breach. [IEEE Security (PDF)]

Sandworm, the hackers working for Russia’s military intelligence agency, have been exploiting a vulnerability in Exim Mail Transfer Agent software since August of last year for malicious motives. The NSA recommends patching Exim servers immediately by installing version 4.93 or newer. [NSA / WIRED]

An Android malware called Strandhogg 2.0 mimics apps’ login screens to hijack passwords and grant extensive permissions. It affects all versions of Android prior to 10. Google has already patched the flaw in a security update pushed last month. [Ars Technica]

A new version of Valak malware has been found targeting Microsoft Exchange servers in the US and Germany to steal enterprise mailing information and passwords. [Cybereason]

Amnesty International discovered a critical flaw in Qatar’s mandatory-to-use EHTERAZ contact-tracing app which, had it not been reported and fixed, could have allowed attackers access to highly sensitive data, “including the name, national ID, health status and location data of more than one million users.” [Amnesty International]

US authorities arrested a Ukrainian national, Denys Iarmak, an alleged member of the FIN7 cybercrime group that’s been accused of hacking Chipotle, Whole Foods, and Trump Hotels. FIN7 (also called Carbanak Group) has been tied to a string of financially motivated attacks since 2015 that conducted fraudulent wire transfers to offshore accounts. [Motherboard]

Cybersecurity And Data Analytics - Self Reflection
https://reportcybercrime.com/cybersecurity-and-data-analytics-self-reflection-2/
Thu, 04 Jun 2020 16:24:00 +0000

AI/ML in Fighting Cyber Threats

It was in 2017 when I read the Economist article “The world’s most valuable resource is no longer oil, but data”, an idea first coined by Clive Humby, UK mathematician and architect of Tesco’s Clubcard, in 2006. I could see everyone talking about the infinite potential of data and how to use it in a million ways. Companies like Google, Amazon, Uber and Facebook were at the forefront, utilising their vast amounts of user data to enhance the customer experience as well as improve their business using artificial intelligence (AI). Cyberwarfare seems to be dominating headlines of late. Be it alleged government agencies attempting to steal classified information or a clandestine group hacking computers for ‘fun’, the Internet landscape has been transformed into a binary battlefield. I particularly liked the quote “Who needs a gun when you have a keyboard?” [2]. However, it was during the recent controversies related to banning Chinese telecom companies like Huawei from participation in 5G auctions across various nations like the USA, UK, Australia and Canada [3] that I realised the risks attached to AI-powered cyber connectivity. This prompted me to explore more about cybersecurity in general and how data analytics can help in tackling it, i.e. cybersecurity analytics in particular.

The Oxford dictionary defines cybersecurity as “the state of being protected against the criminal or unauthorised use of electronic data, or the measures taken to achieve this”.

In general, cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Cybersecurity analytics, in its industry definition, is “analysing data to detect anomalies, unusual user behaviour and other threats”. It aggregates data from across the entire enterprise ecosystem and turns that data into actionable insights — so that the IT team can promptly act on minimising those risks. Advanced features like artificial intelligence (AI) and machine learning (ML) further help by automating the detection and remediation process [6]. Cybersecurity analytics combines big data capabilities with threat intelligence to help detect, analyse and mitigate insider threats, as well as targeted attacks from external bad actors and persistent cyber threats.

The first known cybersecurity incident dates back to 1988, when Robert Tappan Morris, a student at Cornell University in the USA, released his computer worm, the “Morris Worm”, onto the internet. He later claimed it was not intended to cause harm but was written with the innocuous aim of gauging the size of cyberspace. While this event could be pinned as an unfortunate accident, it no doubt played a part in inspiring the dreadful distributed denial-of-service (DDoS) type of attacks we see today [2]. Following that, there were several high-profile cyber-attacks on various entities like eBay, Google, NASA and Microsoft.

For many years, small businesses were assumed to be an unlikely target for a sophisticated cyber-attack. A relatively unknown brand name and fewer financial resources worked in their favour to ward off hackers. Not anymore. Today, the dam has broken for start-ups and small to mid-size companies when it comes to cybersecurity. Consider the case of humanitarian aid trip organiser Volunteer Voyages, a single-owner small business which suffered $14,000 in fraudulent charges after an online thief pilfered its debit card information, which the bank refused to reimburse. [7]

I later looked at the evolution of big data analytics’ application in cybersecurity. In late 2012, ESG published a research report titled “The Intersection Between Big Data and Security Analytics.” This study resulted from an in-depth survey of 250+ security professionals working at enterprise organisations (with more than 1,000 employees). I believe the most profound data point from this project was that security analytics requirements are already considered “big data” at 44% of enterprise organisations today. In comparison, another 44% of enterprise organisations believe that the collection, processing, and analysis of cybersecurity events, packets and logs will be considered “big data” within the next two years [8].

The cybersecurity landscape is constantly growing more complex as cyber-attacks become increasingly determined, with the coming years holding more challenges than ever for organisations attempting to stay on top of their IT security. For the C-suite, in any case, management of cyber threats can no longer be overlooked. Rather than concentrating on the perpetual stream of malware monikers, corporate chiefs, CEOs and other senior executives have to remain focused on business risks. Managing cyber risk resembles dealing with any other sort of business risk, which requires trade-offs. It boils down to proactively aligning assets to reduce the likelihood of cybersecurity incidents and limit the harm when some cyberattacks inevitably breach defences. [9]

Based on my research, I realised that there are a few critical areas on which the industry is focusing, as listed below.

Threats in the Internet of Things: With the advent of IoT, our thermostat, coffee maker, TV, and vehicle can all be connected through our electronic devices. This, unfortunately, means that they are susceptible to hacking. With the amount of information these gadgets exchange between them, machine-to-machine security is more essential than ever before. The biggest challenge faced by the Internet of Things (IoT) is buyers’ reluctance to pay for a more secure device, which in turn leads manufacturers to hold back on their security efforts.

Attacking Value: While breaches of retail and hospitality chains still make headlines because they can affect a large number of consumers, security specialists have developed toolkits to deal with their consequences, making these attacks less worthwhile for hackers. Attackers are moving on from giant customer databases in search of caches that are less splashy on paper yet potentially more valuable, such as law firms and public accountants, which store volumes of sensitive and privileged data but often lack sophisticated cybersecurity measures.

Passwords: People are becoming more and more aware of password theft and hence moving towards multi-factor authentication. The widespread adoption of mobile phones makes code confirmation through text message or an app much simpler to deploy than a dedicated security token. I myself moved from a simple password-based login to my email, to two-factor authentication based on text message as well as an authenticator app.

Skilled Security Experts: The highest cybersecurity risk confronting organisations today is not having the staff to implement security measures in the work environment appropriately. Skilled IT security experts can avert costly breaches before they occur and can monitor any known threats to the organisation’s cybersecurity.

How ML/AI Helps in Tackling Cyber Threats

Machine Learning In Cyber Threat Detection: Machine learning (ML) is the part of artificial intelligence (AI) which has proven extremely beneficial when it comes to identifying cyber threats, by analysing data and identifying threats before they exploit a vulnerability in IT systems. Machine learning enables computers to use and adapt various algorithms based on the data they receive, learn from it, and understand the consequent enhancements required. In a cybersecurity context, this means that machine learning enables the computer to predict threats and detect anomalies with far more accuracy than any human can.

AI, Password Protection and Authentication: Developers are utilising AI to enhance biometric authentication capabilities and remove its deficiencies to make it a fool-proof system. Apple’s face recognition technology, called ‘Face ID’ and used on its iPhone X devices, is one example. The technology works by analysing and processing the user’s facial features through its built-in infrared sensors and neural engine. The AI software then creates a sophisticated model of the user’s face by identifying key patterns and correlations. Apple claims that, with this technology, there is only a one-in-a-million chance of fooling the AI and unlocking our gadget with a different face. The AI software system can also work in varying lighting conditions and compensate for changes like getting a new hairstyle, growing facial hair or wearing a hat.

AI-ML In Phishing Detection And Prevention Control: Phishing, in which attackers try to deliver their payload through deceptive messages, is one of the most widely used cyber-attack methods. Phishing emails are extremely prevalent; one in every 99 emails is a phishing attack. Fortunately, AI-ML plays a significant role in preventing and deterring such phishing attacks. AI-ML can proactively detect and track more than 10,000 active phishing sources and react and remediate much more quickly than humans can. Moreover, AI-ML can scan for phishing threats from all over the globe, and its understanding of phishing campaigns is not restricted to any specific geographical area. AI has made it possible to quickly and effectively differentiate between a fake website and a genuine one.

Usage of AI-ML In Vulnerability Management: AI-ML based systems do not wait for a vulnerability to be exploited by online threats. Instead, these AI-based systems proactively look for potential vulnerabilities in organisational information systems, and they do so by effectively merging multiple factors, such as the reputation of the hacker or patterns used and hackers’ discussions on the dark web. These systems can analyse these factors and use the information to determine how and when the threats might make their way to vulnerable targets.

Behavioural Analytics with AI: Another promising enhancement of security by AI comes from its behavioural analytics ability. What this means is that ML algorithms can learn and create a pattern of our behaviour by analysing how we usually use our devices and online platforms. The details can include everything from our typical login times and IP addresses to our typing and scrolling patterns. If at any point the algorithms notice unusual activity or any actions that fall outside our usual patterns, they can flag it as an anomaly or even block the user. The activities that trigger the algorithms can be anything from a sudden spike in document downloads from our archived folders, to large online purchases shipped to addresses other than ours, or a sudden change in our typing speed. [10]
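The behavioural baseline idea above, as an added example that is not from the original post: it learns each user's habitual login hours, source IPs and download volumes from constructed sample history, then scores new events against that baseline. The sample events, the tolerance constants and the allow/step-up/block policy are assumptions for illustration.

```python
"""Per-user behavioural baseline and anomaly scoring (added example, constructed data)."""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed sample history (not real data): (user, hour_of_day, source_ip, docs_downloaded)
HISTORY: List[Tuple[str, int, str, int]] = [
    ("alice", 9, "203.0.113.10", 3),
    ("alice", 10, "203.0.113.10", 2),
    ("alice", 9, "203.0.113.11", 4),
    ("alice", 11, "203.0.113.10", 1),
    ("alice", 8, "203.0.113.11", 3),
    ("alice", 10, "203.0.113.10", 2),
    ("alice", 9, "203.0.113.10", 3),
    ("alice", 10, "203.0.113.11", 2),
]

HOUR_TOLERANCE = 2      # assumed: hours away from any habitual login hour before it counts as unusual
DOWNLOAD_Z_LIMIT = 3.0  # assumed: z-score above which a download count counts as a spike


@dataclass
class Baseline:
    """What 'normal' looks like for one user, learned from past events."""
    hours: Counter = field(default_factory=Counter)     # login hour -> count
    ips: Counter = field(default_factory=Counter)       # source IP -> count
    downloads: List[int] = field(default_factory=list)  # docs downloaded per session


def build_baselines(history: List[Tuple[str, int, str, int]]) -> Dict[str, Baseline]:
    """Aggregate historical events into one Baseline per user."""
    baselines: Dict[str, Baseline] = defaultdict(Baseline)
    for user, hour, ip, docs in history:
        b = baselines[user]
        b.hours[hour] += 1
        b.ips[ip] += 1
        b.downloads.append(docs)
    return dict(baselines)


def hour_distance(hour: int, habitual: Counter) -> int:
    """Circular distance on a 24h clock from `hour` to the nearest habitual login hour."""
    return min(min(abs(hour - h), 24 - abs(hour - h)) for h in habitual)


def download_zscore(docs: int, past: List[int]) -> float:
    """How many standard deviations `docs` sits above the user's past download volume."""
    sd = max(pstdev(past), 1.0)  # floor the deviation so a flat history cannot divide by zero
    return (docs - mean(past)) / sd


def score_event(baselines: Dict[str, Baseline], user: str, hour: int, ip: str, docs: int) -> dict:
    """Compare one new event with the user's baseline and decide allow / step_up / block.

    A user with no baseline cannot be judged, so the policy asks for step-up
    authentication rather than silently allowing or blocking.
    """
    b = baselines.get(user)
    if b is None:
        return {"user": user, "verdict": "step_up", "reasons": ["no_baseline"]}
    reasons = []
    if hour_distance(hour, b.hours) > HOUR_TOLERANCE:
        reasons.append("unusual_hour")
    if ip not in b.ips:
        reasons.append("unseen_ip")
    if download_zscore(docs, b.downloads) > DOWNLOAD_Z_LIMIT:
        reasons.append("download_spike")
    # Policy: one deviation asks for re-authentication; two or more block the session.
    verdict = "allow" if not reasons else ("step_up" if len(reasons) == 1 else "block")
    return {"user": user, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    # Constructed new events: a normal session, then a 3 a.m. login from a new IP pulling 40 docs.
    for event in [("alice", 10, "203.0.113.10", 3), ("alice", 3, "198.51.100.7", 40)]:
        print(score_event(baselines, *event))
```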

I believe that cyber threats are growing in strength and number, and the future of cybersecurity is looking ever more challenging and complex. Organisations are therefore turning to analytics and automation to aid cyber specialists in their job.

Cybersecurity is too often reactive to breaches and hacks, with actions only taken after (sometimes long after) a problem has happened. The technology which is most widely used to address cyberattacks employs “threat signatures” based on patterns of previous attacks. However, these approaches are of very limited value in preventing new types of attacks.

Of course, technology is not going to solve all cybersecurity problems. Some automated actions can be undertaken, but in many cases organisations will want to investigate problems identified by analytics before taking corrective action. The investigation requires research, testing, and perhaps even interviews for internal threats — all of which will involve human experts as well. This means that the most effective cybersecurity environments will be complex hybrids of machine and human intelligence, and that the handoffs between automated and analytics-driven alerts and human interventions will be extremely important for adequate security. [11]

A promising solution is to employ data analytics to predict and screen cyber threats and to take some automated corrective actions. Given the relevance of cybersecurity issues, there is also no doubt that humans will still be necessary to confirm and investigate threats, mainly when they are internal. However, their jobs will be made much easier and more productive with some help from technology.

Cybersecurity analytics analyses and enriches traditional and non-traditional security data sources with context to extract meaningful, actionable insight. Next-gen security analytics solutions must combine a big-data-scale data platform with advanced techniques, including machine learning and anomaly detection, to enable analysts to identify the threats that matter most to the business.

Cybersecurity And Data Analytics - Self Reflection
https://reportcybercrime.com/cybersecurity-and-data-analytics-self-reflection/
Thu, 04 Jun 2020 14:03:00 +0000

AI/ML in Fighting Cyber Threats

It was in 2017 when I read about the Economist article “The world’s most valuable resource is no longer oil, but data” an idea which was first coined by Clive Humby, UK Mathematician and architect of Tesco’s Clubcard in 2006. I could see everyone talking about the infinite potential of data and how to use it in a million ways. Companies like Google, Amazon, Uber, Facebook were at the forefront utilising, their vast amount of user data to enhance the customer experience as well as improve their business utilising artificial intelligence (AI). Cyberwarfare seems to be dominating headlines as of late. Be it alleged government agencies attempting to steal classified information or a clandestine group hacking computers for ‘fun’ or; the Internet landscape has been transformed into a binary battlefield. I particularly liked the quote “Who needs a gun when you have a keyboard?” [2]. However, it was during the recent controversies related to banning Chinese telecom companies like Huawei from participation in 5G auctions across various nations like USA, UK, Australia and Canda [3], I realised the risks attached to AI-powered cyber connectivity. This prompted me to explore more about cybersecurity in general and how data analytics can help in tackling it i.e. cybersecurity analytics, in specific.

The Oxford dictionary defines cybersecurity as “the state of being protected against the criminal or unauthorised use of electronic data, or the measures taken to achieve this “.

In general, cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. As a definition, cybersecurity analytics has its industry definition as “analysing data to detect anomalies, unusual user behaviour and other threats”. It aggregates data from across the entire enterprise ecosystem and turns that data into actionable insights — so that the IT team can promptly act on minimising those risks. Advanced features like artificial intelligence (AI) and machine learning (ML) further help by automating the detection and remediation process” [6]. Cybersecurity analytics combines big data capabilities with threat intelligence to help detect, analyse and alleviate the insider threats, as well as targeted attacks from external bad actors and persistent cyber threats.

First known cybersecurity incident dates back to 1988, when Robert Tappan Morris, a student at Cornell University in the USA, transmitted his computer worm the “Morris Worm” through the internet. He later claimed it was not aimed to harm but was made for the innocuous intent to determine the vastness of the cyberspace. While this event could be pinned as being an unfortunate accident, it in no doubt, played a part in inspiring the dreadful distributed denial-of-service (DDoS) type of attacks we see today [2]. Following that, there were several high profile cyber-attacks on various entities like E-bay, Google, NASA and Microsoft.

Small businesses were assumed to an unlikely target for a sophisticated cyber-attack for many years. A relatively unknown brand name and fewer financial resources worked in their favour to ward off hackers. Not anymore. Today, the dam has broken for start-ups and small-mid size companies when it comes to cybersecurity. Consider the case of humanitarian aid trip organiser Volunteer Voyages, a single-owner small business which suffered $14,000 in fraudulent charges after an online thief pilfered its debit card information, which the bank refused to reimburse. [7]

I later looked at the evolution of big data analytics’ application in cybersecurity. In late 2012, ESG had published a research report titled, “The Intersection Between Big Data and Security Analytics.” This study resulted from an in-depth survey of 250+ security professionals working at enterprise organisations (with more than 1,000 employees). I believe the most profound data point from this project was that security analytics requirements are already considering “big data” at 44% of enterprise organisations today. In comparison, another 44% of enterprise organisations believe that the collection, processing, and analysis of cybersecurity events, packets & logs will be considered “big data” within the next two years [8].

The cybersecurity scenario is evolving more complex constantly as cyber-attacks grow increasingly determined, with the coming years showing more challenges than ever for organisations attempting to keep over their IT security. For the C-suite, in any case, management of cyber threats can no longer be overlooked. As opposed to concentrating on the perpetual stream of malware monikers, corporate chiefs, CEOs and other senior executives have to remain focused on business risks. Managing cyber risks resembles dealing with any other sort of business risks which require trade-offs. It boils down to proactively aligning assets to relieve the probability of cybersecurity episodes and limit the harm when some cyberattacks inevitably enter defences. [9]

Based on my research, I realised that there are a few critical areas on which the industry is focusing, as listed below.

Threats in the Internet of Things: With the advent of IoT, our thermostat, coffee maker, TV, and vehicle can all be connected through our electronic devices. This, unfortunately, means that they are susceptible to hacking. With the amount of information these gadgets exchange between themselves, machine-to-machine security is more essential than ever before. The biggest challenge faced by the Internet of Things (IoT) is buyers' reluctance to pay for a more secure device, which in turn leads manufacturers to hold back on their security efforts.

Attacking Value: Breaches of retail and hospitality chains still make headlines because they can affect a large number of consumers, but security specialists have developed toolkits to deal with those outcomes, making such attacks less worthwhile for hackers. Attackers are moving on from gigantic customer databases in search of caches that look less splashy on paper yet are potentially more valuable, such as law firms and public accountants, which store volumes of sensitive and privileged data but often lack sophisticated cybersecurity measures.

Passwords: People are becoming more and more aware of password theft and hence are moving towards multi-factor authentication. The widespread adoption of mobile phones makes code confirmation through a text message or an app much simpler to deploy than a dedicated security token. I myself moved from a simple password-based login to my email to two-factor authentication based on a text message as well as an authenticator app.

Skilled Security Experts: The highest cybersecurity risk confronting organisations today is not having the staff to implement safety measures in the work environment appropriately. Skilled IT security experts can avert exorbitantly costly breaches before they occur and can monitor any known threats to the organisation's cybersecurity.

How ML/AI Helps in Tackling Cyber Threats

Machine Learning In Cyber Threat Detection: Machine learning (ML) is the part of Artificial Intelligence (AI) which has proven to be extremely beneficial when it comes to identifying cyber threats based on analysing data and identifying threats before they exploit a vulnerability in the IT systems. Machine learning enables computers to use and adapt various algorithms based on the data they receive, learn from it, and understand the consequent enhancements required. In a cybersecurity context, this means that machine learning enables the computer to predict threats and detect anomalies with far more accuracy than any human can.

AI, Password Protection and Authentication: Developers are utilising AI to enhance biometric authentication capabilities and get rid of its deficiencies to make it a fool-proof system. Apple's face recognition technology, called 'Face ID' and used on its iPhone X devices, is one example. The technology works by analysing and processing the user's facial features through its built-in infra-red sensors and neural engines. The AI software then creates a sophisticated model of the user's face by identifying key patterns and correlations. Apple claims that, with this technology, there is only a one-in-a-million chance of fooling the AI and unlocking our gadget with a different face. The AI software system can also work in varying lighting conditions and compensate for changes like getting a new hairstyle, growing facial hair or wearing a hat.

AI-ML In Phishing Detection And Prevention Control: Phishing, in which attackers try to deliver their payload through deceptive emails and websites, is one of the most widely used cyber-attack methods. Phishing emails are extremely prevalent; one in every 99 emails is a phishing attack. Fortunately, AI-ML plays a significant role in preventing and deterring such phishing attacks. AI-ML can proactively detect and track more than 10,000 active phishing sources and react and remediate much more quickly than humans can. Moreover, AI-ML scans for phishing threats from all over the globe, so its understanding of phishing campaigns is not restricted to any specific geographical area. AI has made it possible to effectively differentiate between a fake website and a genuine one quickly.
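To make the "fake website versus genuine one" distinction concrete, here is an added example (not the article's own code, nor any vendor's) of the feature extraction that sits in front of a phishing-URL classifier. The brand list, lure words and weights are constructed for the demo and hand-set rather than learned; a production filter would learn the weights from labelled mail and use the public suffix list instead of the two-label domain heuristic assumed here.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed inventories for the demo (a real filter maintains much larger ones).
BRAND_TOKENS = {"paypal", "microsoft", "apple", "amazon"}
LURE_WORDS = {"login", "signin", "verify", "secure", "update", "account", "confirm"}

# Hand-set weights per feature (constructed, not learned from data).
WEIGHTS = {
    "ip_host": 4.0,                 # raw IP instead of a domain name
    "brand_not_in_registrable": 4.0, # brand name used outside the brand's own domain
    "at_sign": 3.0,                  # userinfo trick: everything before '@' is ignored
    "punycode": 2.0,                 # xn-- labels can hide look-alike characters
    "many_subdomains": 1.5,          # long label chains push the real domain out of view
    "no_tls": 1.0,
    "lure_word": 1.0,                # "verify", "login", ... in host or path
    "long_url": 0.5,
}
THRESHOLD = 3.5


def registrable_domain(host: str) -> str:
    """Assumption: the registrable domain is the last two labels.
    Real code must consult the public suffix list (e.g. for co.uk)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def extract_features(url: str) -> dict:
    """Return a dict of boolean features for one URL."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        ip_host = True
    except ValueError:
        ip_host = False

    # Tokens from netloc (incl. any userinfo) and path, not the query string,
    # so a search query mentioning a brand does not count against a site.
    tokens = set(re.split(r"[^a-z0-9]+", (parts.netloc + parts.path).lower())) - {""}
    reg = registrable_domain(host)
    brand_hits = BRAND_TOKENS & tokens

    return {
        "ip_host": ip_host,
        "brand_not_in_registrable": any(b not in reg for b in brand_hits),
        "at_sign": "@" in parts.netloc,
        "punycode": "xn--" in host,
        "many_subdomains": (not ip_host) and len(host.split(".")) > 3,
        "no_tls": parts.scheme != "https",
        "lure_word": bool(LURE_WORDS & tokens),
        "long_url": len(url) > 75,
    }


def score_url(url: str) -> float:
    """Weighted sum of the fired features."""
    feats = extract_features(url)
    return sum(WEIGHTS[name] for name, fired in feats.items() if fired)


def classify(url: str) -> str:
    return "suspicious" if score_url(url) >= THRESHOLD else "benign"


if __name__ == "__main__":
    # Constructed sample URLs using reserved example/documentation names.
    for u in ["https://www.paypal.com/signin",
              "http://paypal.com.secure-login.example.net/account/verify",
              "http://192.0.2.10/update",
              "https://www.paypal.com@evil.example/login"]:
        print(f"{score_url(u):4.1f} {classify(u):10s} {u}")
```

The feature dict is the kind of vector a trained model consumes; the point of showing the hand-set weights is that each feature corresponds to a concrete lure technique a reviewer can explain to an end user, which is also why the first sample (a genuine brand domain with a sign-in path) scores low.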

Usage of AI-ML In Vulnerability Management: AI-ML based systems do not wait for a vulnerability to be exploited by online threats. Instead, these AI-based systems proactively look for potential vulnerabilities in organisational information systems, and they do so by effectively merging multiple factors, such as the reputation of the hacker, the patterns used, and hackers' discussions on the dark web. These systems can analyse these factors and use the information to determine how and when the threats might make their way to vulnerable targets.

Behavioural Analytics with AI: Another promising enhancement of security by AI comes from its behavioural analytics ability. What this means is that ML algorithms can learn and create a pattern of our behaviour by analysing how we usually use our devices and online platforms. The details can include everything from our typical login times and IP addresses to our typing and scrolling patterns. If at any point the AI algorithms notice unusual activity or any actions that fall outside our usual patterns, they can flag it as an anomaly or even block the user. The activities that trigger the AI algorithms can be anything from a sudden spike in document downloads from our archived folders, to large online purchases shipped to addresses other than ours, to a sudden change in our typing speed. [10]
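The following is an added example (not from the article or any product it mentions) of the behavioural baseline the passage describes: a per-user profile built from login history, then scored against a new session on exactly the signals listed above (login hour, source network, typing speed, download volume). The login events are constructed and use reserved documentation IP ranges; the "hour within one of a seen hour", the /24 network grouping and the z-score cut-off of 3 are choices assumed here, not rules the article states.

```python
import ipaddress
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class LoginEvent:
    hour: int          # local hour of day, 0-23
    ip: str            # source address of the session
    typing_cps: float  # characters per second while typing credentials
    downloads: int     # documents fetched from archived folders during the session


def ip_prefix(ip: str, bits: int = 24) -> str:
    """Group addresses by network so a new DHCP lease at home is not 'new'."""
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def z_score(x: float, mu: float, sigma: float) -> float:
    if sigma == 0:
        return 0.0 if x == mu else float("inf")
    return abs(x - mu) / sigma


class UserBaseline:
    """Profile learned from a user's past logins."""

    def __init__(self, history: list[LoginEvent]):
        self.hours = {e.hour for e in history}
        self.prefixes = {ip_prefix(e.ip) for e in history}
        rates = [e.typing_cps for e in history]
        self.cps_mean, self.cps_std = mean(rates), pstdev(rates)
        dls = [e.downloads for e in history]
        self.dl_mean, self.dl_std = mean(dls), pstdev(dls)

    def reasons(self, e: LoginEvent) -> list[str]:
        """Names of the signals on which this session deviates from the baseline."""
        found = []
        # Accept the exact hour or a neighbouring one, wrapping around midnight.
        if not any(abs(e.hour - h) % 24 in (0, 1, 23) for h in self.hours):
            found.append("unusual_hour")
        if ip_prefix(e.ip) not in self.prefixes:
            found.append("new_network")
        if z_score(e.typing_cps, self.cps_mean, self.cps_std) > 3:
            found.append("typing_speed_shift")
        if z_score(e.downloads, self.dl_mean, self.dl_std) > 3:
            found.append("download_spike")
        return found


def assess(baseline: UserBaseline, e: LoginEvent) -> tuple[str, list[str]]:
    """Map deviations to an action: one signal asks for step-up auth,
    two or more block the session for analyst review."""
    r = baseline.reasons(e)
    verdict = "allow" if not r else ("step_up" if len(r) == 1 else "block")
    return verdict, r


# Constructed history: weekday office hours, one home /24, steady typing, few downloads.
HISTORY = [
    LoginEvent(8, "203.0.113.5", 4.8, 2), LoginEvent(9, "203.0.113.7", 5.1, 1),
    LoginEvent(9, "203.0.113.5", 5.0, 3), LoginEvent(10, "203.0.113.9", 4.9, 2),
    LoginEvent(8, "203.0.113.5", 5.2, 2), LoginEvent(9, "203.0.113.42", 5.0, 1),
    LoginEvent(17, "203.0.113.7", 4.7, 4), LoginEvent(18, "203.0.113.5", 5.3, 2),
    LoginEvent(9, "203.0.113.9", 5.0, 3), LoginEvent(10, "203.0.113.5", 4.9, 1),
]


def demo():
    base = UserBaseline(HISTORY)
    return {
        "normal": assess(base, LoginEvent(9, "203.0.113.9", 5.1, 2)),
        "new_network_only": assess(base, LoginEvent(9, "198.51.100.23", 5.0, 2)),
        "takeover_like": assess(base, LoginEvent(3, "198.51.100.23", 2.0, 40)),
    }


if __name__ == "__main__":
    for name, (verdict, why) in demo().items():
        print(f"{name:17s} -> {verdict:8s} {why}")
```

Returning the list of reasons, not just a score, is deliberate: the analyst who reviews a blocked session needs to see which signals fired, and the "new network only" case shows why a single deviation should escalate to a second factor rather than an outright block.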

I believe that cyber threats are growing in strength and number, and the future of cybersecurity is looking ever more challenging and complex. Organisations are therefore turning to analytics and automation to aid cyber specialists in their job.

Cybersecurity is too often reactive to breaches and hacks, with action taken only after (sometimes long after) a problem has happened. The technology most widely used to address cyberattacks employs “threat signatures” based on patterns of previous attacks. However, these approaches are of very limited value in preventing new types of attacks, since a signature can only describe something that has already been seen.

Of course, technology is not going to solve all cybersecurity problems. Some actions can be automated, but in many cases organisations will want to investigate problems identified by analytics before taking corrective action. The investigation requires research, testing, and perhaps even interviews for internal threats, all of which will involve human experts as well. This means that the most effective cybersecurity environments will be complex hybrids of machine and human intelligence, and that the handoffs between automated, analytics-driven alerts and human interventions will be extremely important for adequate security. [11]

A promising solution is to employ data analytics to predict and screen cyber threats and to take some automated corrective actions. Given the relevance of cybersecurity issues, there is also no doubt that humans will still be necessary to confirm and investigate threats, particularly when they are internal. However, their jobs will be made much easier and more productive with some help from technology.

Cybersecurity analytics analyses and enriches traditional and non-traditional security data sources with context to extract meaningful, actionable insight. Next-gen security analytics solutions must combine a big-data-scale data platform with advanced techniques, including machine learning and anomaly detection, to enable analysts to identify the threats that matter most to the business.